To understand what sensitive design and configuration information of the application/system/organization is exposed both directly (on the organization’s website) or indirectly (on a third party website).
(from the OWASP Testing Guide v4.0 Conduct search engine discovery/reconnaissance for information leakage (OTG-INFO-001)
- list of IP addresses linked to FQDN/URL’s and protocol (ftp/http/https)
- list of discovered domain names
- virtual host detection
You can use BING to find urls, hosts and domain related information by performing an IP address search. Just use the search operator ip:
From this search we discovered that this IP address related to the following domains:
You can narrow your search by adding the hosts/domains you already have on your list with a minus.